Letsencrypt

10 June 2018

So SSL is here. Yes, I’m late to the party on this one. But time to
get it working on a few things.

None of these services are exposed to the outside world, but I thought
I’d be a tidy kiwi and learn how to do this thang.

Setting up my router

First, on my Edgerouter, I followed the instructions from j-c-m. It
uses the good ol’ bash script from Neil Pang, plus j-c-m’s own code.

To use acme.sh when you don’t have a webserver, per se, it’s necessary
to do stuff on your DNS. It’s much easier if your DNS has some kind of
API.
Alas, NameCheap. Pretty straightforward.
Then it was down to work on the Edgerouter.

Setting up NAS

Next stop was my FreeNAS box. For this I followed the very helpful instructions (and scripts) from danb35.

There were a few things that fooled me for a while. After my first attempt, when I ran deploy_freenas.py I kept trying to install certificates, only to have it fail with a Response 400 error. After putting in some debug code, I realised it was because I already had certificates — the code names the certificates on any particular day with the same name. Once I deleted the certificates on FreeNAS things were better. Except …

… at the end of the freenas.py script, it reset the webserver on the FreeNAS, and the subsequent broken connection to the server gave an error. Specifically, I got something like this: